Dr. Tamás Holczer

Short Bio

Tamás HOLCZER was born in 1981 in Budapest. He received the Ph.D. degree in Computer Science from the Budapest
University of Technology and Economics (BME) in 2013. Since 2013 he has been working as an assistant professor
in the Laboratory of Cryptography and System Security (CrySyS), Department of Telecommunications, Budapest
University of Technology and Economics.
Fields of interest: In the past his research interests and his Ph.D. dissertation were focused on the privacy problems of wireless sensor networks and ad hoc networks (Ph.D. dissertation title: "Privacy enhancing protocols for wireless networks"). Lately he is working on the security aspects of cybe physical systems. The research topics include: security of industrial control networks, honeypot technologies in embedded systems, network monitoring and intrusion detection in industrial networks, and security aspects of intra-vehicular networks.

Current Courses

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.

This course gives a detailed introduction into the security problems of computer networks, and it gives an overview of the possible solutions to those problems. It also covers issues related to secure operation of networks in practice, including modern tools and techniques used to ensure security. Students get theoretical knowledge and practical skills that form the basis of secure network operations, and allow them to assess security risks, understand threats and vulnerabilities, select and integrate appropriate security solutions, and to design new security mechanisms. The course also serves as a basis for obtaining skills in penetration testing and ethical hacking of networks.

This laboratory extends and deepens the knowledge and skills obtained in the courses of the IT Security minor specialization by solving practical, hands-on exercises in real, or close-to-real environments.

Keywords

Abstract

Protocol specifications describe the interaction between different entities by defining message formats and message
processing rules. Having access to such protocol specifications is
highly desirable for many tasks, including the analysis of botnets,
building honeypots, defining network intrusion detection rules,
and fuzz testing protocol implementations. Unfortunately, many
protocols of interest are proprietary, and their specifications
are not publicly available. Protocol reverse engineering is an
approach to reconstruct the specifications of such closed protocols. Protocol reverse engineering can be tedious work if done
manually, so prior research focused on automating the reverse
engineering process as much as possible. Some approaches rely
on access to the protocol implementation, but in many cases, the
protocol implementation itself is not available or its license does
not permit its use for reverse engineering purposes. Hence, in
this paper, we focus on reverse engineering protocol specifications
based solely on recorded network traffic. More specifically, we
propose a method that can infer protocol message formats as
well as certain field semantics for binary protocols from network
traces. We demonstrate the usability of our approach by running
it on packet captures of two known protocols, Modbus and
MQTT, then comparing the inferred specifications to the known
specifications of these protocols.

Keywords

Digital forensics, CAN network

Abstract

Accident reconstruction is the process of reliably discovering what has happened before a serious event. We show how the most widely used intra vehicular network (namely the Controller Area Network, CAN) can be used in this process. We show how the actual velocity and steering wheel position transmitted on the CAN network can be used to reconstruct the trajectory of a vehicle. This trajectory is an essential input in the reconstruction process. In this paper, we show how the CAN traffic of an actual vehicle can be used to recon- struct the trajectory of the vehicle, and we evaluate our approach in several real life experiments including normal and pre-accident situations.

2016

Intrusion detection in Cyber Physical Systems Based on Process Modelling

Abstract

Cyber physical systems (CPS) are used to control chemical processes, and can be found in manufacturing, civil infrastructure, energy industry, transportation and in many more places. There is one common characteristic in these areas, their operation is critical as a malfunction can potential be life-threatening. In the past, an attack against the cyber part of the systems can lead to physical consequences. The first well known attack against a CPS was Stuxnet in 2010. It is challenging to develop countermeasures in this field without endangering the normal operation of the underlying system. In our research, our goal was to detect attacks without interfering with the cyber physical systems in any way. This can be realized by an anomaly detection system using passive network monitoring. Our approach is based on analysing the state of the physical process by interpreting the communication between the control system and the supervisory system. This state can be compared to a model based prediction of the system, which can serve as a solid base for intrusion detection. In order to realize our intrusion detection system, a testbed was built based on widely used Siemens PLCs. Our implementation consists of three main parts. The first task is to understand the network communication in order to gain information about the controlled process. This was realized by analysing and deeply understanding the publicly undocumented Siemens management protocol. The resulting protocol parser was integrated into the widely-used Bro network security monitoring framework. Gathering information about the process state for a prolonged time creates time series. With these time series, as the second step, statistical models of the physical process can be built to predict future states. As the final step, the new states of the physical process can be compared with the predicted states. Significant differences can be considered as an indicator of compromise.

Keywords

Abstract

Smart grids consist of suppliers, consumers, and other parts. The main suppliers are normally supervised by industrial control sys- tems. These systems rely on programmable logic controllers (PLCs) to control industrial processes and communicate with the supervisory sys- tem. Until recently, industrial operators relied on the assumption that these PLCs are isolated from the online world and hence cannot be the target of attacks. Recent events, such as the infamous Stuxnet attack [15] directed the attention of the security and control system community to the vulnerabilities of control system elements, such as PLCs. In this paper, we design and implement the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems. This PLC honeypot can be implemented as part of a larger security monitoring system. Our honeypot implementation improves upon existing solutions in several aspects: most importantly in level of interaction and ease of configuration. Results of an evaluation show that our honeypot is largely indistinguishable from a real device from the attacker’s perspective. As a collateral of our analysis, we were able to identify some security issues in the real PLC device we tested and implemented specific firewall rules to protect the device from targeted attacks.

Abstract

In the past few years, research interest has been increased towards wireless
sensor networks (WSNs) and their application in both the military and civil
domains. To support scalability in WSNs and increase network lifetime, nodes
are often grouped into disjoint clusters. However, secure and reliable clustering,
which is critical in WSNs deployed in hostile environments, has gained modest
attention so far or has been limited only to fault tolerance. In this paper, we
review the state-of-the-art of clustering protocols inWSNs with special emphasis
on security and reliability issues. First, we define the taxonomy of security and
reliability for cluster head election and clustering in WSNs. Then, we describe
and analyze the most relevant secure and reliable clustering protocols. Finally,
we propose countermeasures against typical attacks and show how they improve
the discussed protocols.

Abstract

In this paper, we study the problem of traffic
analysis attacks in wireless body area sensor networks. When
these networks are used in health-care for remote patient
monitoring, traffic analysis can reveal the type of medical sensors
mounted on the patient, and this information may be used
to infer the patient’s health problems. We show that simple
signal processing methods can be used effectively for performing
traffic analysis attacks and identifying the sensor types in a
rather weak adversary model. We then investigate possible
traffic obfuscation mechanisms aiming at hiding the regular
patterns in the observable wireless traffic. Among the investigated
countermeasures, traffic shaping, a mechanism that introduces
carefully chosen delays for message transmissions, appears to be
the best choice, as it achieves close to optimal protection and
incurs no overhead.

Abstract

In mission critical cyber-physical systems, dependability is an important requirement at all layers of the system architecture. In this paper, we propose protocols that increase the dependability of wireless sensor networks, which are potentially useful building blocks in cyber physical systems. More speciﬁcally, we propose two private aggregator node election protocols, a private data aggregation protocol, and a corresponding private query protocol for sensor networks that allow for secure in-network data aggregation by making it difﬁcult for an adversary to identify and then physically disable the designated aggregator nodes. Our advanced protocols resist strong adversaries that can physically compromise some nodes.

Abstract

Designing a routing protocol for large low-power
and lossy networks (LLNs), consisting of thousands of con-strained nodes and unreliable links, presents new challenges.
The IPv6 Routing Protocol for Low-power and Lossy Networks
(RPL), have been developed by the IETF ROLL Working
Group as a preferred routing protocol to provide IPv6 routing
functionality in LLNs. RPL provides path diversity by building
and maintaining directed acyclic graphs (DAG) rooted at one
(or more) gateway. However, an adversary that impersonates
a gateway or has compromised one of the nodes close to the
gateway can divert a large part of network trafﬁc forward
itself and/or exhaust the nodes’ batteries. Therefore in RPL,
special security care must be taken when the Destination Oriented
Directed Acyclic Graph (DODAG) root is updating the Version
Number by which reconstruction of the routing topology can
be initiated. The same care also must be taken to prevent
an internal attacker (compromised DODAG node) to publish
decreased Rank value, which causes a large part of the DODAG
to connect to the DODAG root via the attacker and give it the
ability to eavesdrop a large part of the network trafﬁc forward
itself. Unfortunately, the currently available security services in
RPL will not protect against a compromised internal node that
can construct and disseminate fake messages. In this paper, a
new security service is described that prevents any misbehaving
node from illegitimately increasing the Version Number and
compromise illegitimate decreased Rank values.

Abstract

A delay-tolerant network is a mobile ad hoc network where the
message dissemination is based on the store-carry-and-forward
principle. This principle raises new aspects of the privacy problem.
In particular, an attacker can build a user profile and trace the
nodes based on this profile even if the message exchange protocol
provides anonymity. In this paper, an attacker model is presented
and some proposed attackers are implemented. We analyze the
efficiency of both the attacks and the proposed defense mechanism,
called Hide-and-Lie Strategy. We show that without any defense
mechanism, the nodes are traceable, but with the Hide-and-Lie
Strategy, the success probability of an attacker can be made equal
to the success probability of the simple guessing. Furthermore, in
some scenarios, the Hide-and-Lie Strategy increases the message
delivery ratio. The number of downloaded messages and the maximal
memory size required to apply the proposed privacy defense mechanism
is also investigated.

Perfectly Anonymous Data Aggregation in Wireless Sensor Networks

L. Buttyán, T. Holczer

Proceedings of The 7th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2010), IEEE, San Francisco, November 8-12, 2010.

Abstract

Clustering and data aggregation in wireless sensor networks improves
scalability, and helps the efficient use of scarce resources. Yet,
these mechanisms also introduce some security issues; in particular,
aggregator nodes become attractive targets of physical destruction
and jamming attacks. In order to mitigate this problem, we propose a
new private aggregator node election protocol that hides the
identity of the elected aggregator nodes both from external
eavesdroppers and from compromised nodes participating in the
protocol. We also propose a private data aggregation protocol and a
corresponding private query protocol which allows the aggregators to
collect sensor readings and respond to queries of the base station,
respectively, without revealing any useful information about their
identity to external eavesdroppers and to compromised nodes.

Abstract

Clustering is a useful mechanism in wireless sensor networks
that helps to cope with scalability problems and, if
combined with in-network data aggregation, may increase
the energy efficiency of the network. At the same time, by
assigning a special role to the cluster head nodes, clustering
makes the network more vulnerable to attacks. In particular,
disabling a cluster head by physical destruction or jamming
may render the entire cluster inoperable temporarily until
the problem is detected and a new cluster head is elected.
Hence, the cluster head nodes may be attractive targets
of attacks, and one would like to make it difficult for
an adversary to identify them. The adversary can try to
identify the cluster head nodes in various ways, including
the observation of the cluster head election process itself and
the analysis of the traffic patterns after the termination of the
cluster head election. In this paper, we focus on the former
problem, which we call the private cluster head election
problem. This problem has been neglected so far, and as
a consequence, existing cluster head election protocols leak
too much information making the identification of the elected
cluster head nodes easy even for a passive external observer.
We propose the first private cluster head election protocol
for wireless sensor networks that is designed to hide the
identity of the elected cluster head nodes from an adversary
that can observe the execution of the protocol.

Abstract

Untraceability of vehicles is an important requirement
in future vehicle communications systems. Unfortunately,
heartbeat messages used by many safety applications provide
a constant stream of location data, and without any protection
measures, they make tracking of vehicles easy even for a passive
eavesdropper. One commonly known solution is to transmit
heartbeats under pseudonyms that are changed regularly in order
to obfuscate the trajectory of vehicles. However, this approach is
effective only if some silent period is kept during the pseudonym
change and several vehicles change their pseudonyms nearly
at the same time and at the same location. Unlike previous
works that proposed explicit synchronization between a group
of vehicles and/or required pseudonym change in a designated
physical area (i.e., a static mix zone), we propose a much simpler
approach that does not need any explicit cooperation between
vehicles and any infrastructure support. Our basic idea is that
vehicles should not transmit heartbeat messages when their speed
drops below a given threshold, say 30 km/h, and they should
change pseudonym during each such silent period. This ensures
that vehicles stopping at traffic lights or moving slowly in a traffic
jam will all refrain from transmitting heartbeats and change their
pseudonyms nearly at the same time and location. Thus, our
scheme ensures both silent periods and synchronized pseudonym
change in time and space, but it does so in an implicit way. We
also argue that the risk of a fatal accident at a slow speed is
low, and therefore, our scheme does not seriously impact safety-of-
life. In addition, refraining from sending heartbeat messages
when moving at low speed also relieves vehicles of the burden
of verifying a potentially large amount of digital signatures, and
thus, makes it possible to implement vehicle communications with
less expensive equipments.

Abstract

Significant developments have taken place
over the past few years in the area of vehicular
communication systems. Now, it is well understood
in the community that security and protection
of private user information are a
prerequisite for the deployment of the technology.
This is so precisely because the benefits of
VC systems, with the mission to enhance transportation
safety and efficiency, are at stake.
Without the integration of strong and practical
security and privacy enhancing mechanisms, VC
systems can be disrupted or disabled, even by
relatively unsophisticated attackers. We address
this problem within the SeVeCom project, having
developed a security architecture that provides
a comprehensive and practical solution.
We present our results in a set of two articles in
this issue. In this first one, we analyze threats
and types of adversaries, identify security and
privacy requirements, and present a spectrum of
mechanisms to secure VC systems. We provide a
solution that can be quickly adopted and
deployed. In the second article we present our
progress toward the implementation of our
architecture and results on the performance of
the secure VC system, along with a discussion of
upcoming research challenges and our related
current results.

2007

Group-Based Private Authentication

G. Avoine, L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007), IEEE, Helsinki, Finland, Jun 18 , 2007.

Abstract

We propose a novel authentication scheme that ensures privacy of the provers. Our scheme is based on symmetric-key cryptography, and therefore, it is well-suited to resource constrained applications in large scale environments. A typical example for such an application is an RFID system, where the provers are low-cost RFID tags, and the number of the tags can potentially be very large. We analyze the proposed scheme and show that it is superior to the well-known key-tree based approach for private authentication both in terms of privacy and efficiency.

On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer, Cambridge, UK, July 2-3, , 2007.

Abstract

The promise of vehicular communications is to make road traffic safer and more efficient. However, besides the expected benefits, vehicular communications also introduce some privacy risk by making it easier to track the physical location of vehicles. One approach to solve this problem is that the vehicles use pseudonyms that they change with some frequency. In this paper, we study the effectiveness of this approach.We define a model based on the concept of the mix zone, characterize the tracking strategy of the adversary in this model, and introduce a metric to quantify the level of privacy enjoyed by the vehicles. We also report on the results of an extensive simulation where we used our model to determine the level of privacy achieved in realistic scenarios. In particular, in our simulation, we used a rather complex road map, generated traffic with realistic parameters, and varied the strength of the adversary by varying the number of her monitoring points. Our simulation results provide detailed information about the relationship between the strength of the adversary and the level of privacy achieved by changing pseudonyms.

2006

Optimal Key-Trees for Tree-Based Private Authentication

L. Buttyán, T. Holczer, I. Vajda

In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), June, 2006, Springer.

Abstract

Key-tree based private authentication has been proposed by Molnar and Wagner as a neat way to efficiently solve the problem of privacy preserving authentication based on symmetric key cryptography. However, in the key-tree based approach, the level of privacy provided by the system to its members may decrease considerably if some members are compromised. In this paper, we analyze this problem, and show that careful design of the tree can help to minimize this loss of privacy. First, we introduce a benchmark metric for measuring the resistance of the system to a single compromised member. This metric is based on the well-known concept of anonymity sets. Then, we show how the parameters of the key-tree should be chosen in order to maximize the system's resistance to single member compromise under some constraints on the authentication delay. In the general case, when any member can be compromised, we give a lower bound on the level of privacy provided by the system. We also present some simulation results that show that this lower bound is quite sharp. The results of this paper can be directly used by system designers to construct optimal key-trees in practice; indeed, we consider this as the main contribution of our work.

Abstract

Sensor networks are large scale networks consisting of several nodes and some base stations. The nodes are monitoring the environment and send their measurement data towards the base stations possibly via multiple hops. Since the nodes are often battery powered, an important design criterion for sensor networks is the maximization of their lifetime. In this paper, we consider multi-domain sensor networks, by which we mean a set of sensor networks that co-exist at the same physical location but run by different authorities. In this setting, the lifetime of all networks can be increased if the nodes cooperate and also forward packets originating from foreign domains. There is a risk, however, that a selfish network takes advantage of the cooperativeness of the other networks and exploits them. We study this problem in a game theoretic setting, and show that, in most cases, there is a Nash equilibrium in the system, in which at least one of the strategies is cooperative, even without introducing any external incentives (e.g., payments).